In the functions from line 64 to line 198 in DAOConfig.sol and lines 65 to 96 in PriceAggregator.sol, it is possible to adjust the parameters to below or above their intended range.
As an example, in the changeBootstrappingRewards function [in DAOConfig.sol], it is possible to adjust bootstrappingRewards to below 50,000 or to above 500,000.
function changeBootstrappingRewards(bool increase) external onlyOwner
{
    if (increase)
    {
        // bound is compared before the step is added
        if (bootstrappingRewards < 500000 ether)
            bootstrappingRewards += 50000 ether;
    }
    else
    {
        // bound is compared before the step is subtracted
        if (bootstrappingRewards > 50000 ether)
            bootstrappingRewards -= 50000 ether;
    }
}
Recommended Mitigation Steps
Consider using require() statements so that the functions only finish execution if the adjusted parameter lies within the specified range.
Alternatively, shift the bounds in the if statements by the adjustment value [that is, decrease the comparison bound by the adjustment value in the if(increase){} block and increase the comparison bound by the adjustment value in the else{} block] and change < to <= and > to >=, as follows:
function changeBootstrappingRewards(bool increase) external onlyOwner
{
    if (increase)
    {
        // 500000 ether - 50000 ether: the result can never exceed the maximum
        if (bootstrappingRewards <= 450000 ether)
            bootstrappingRewards += 50000 ether;
    }
    else
    {
        // 50000 ether + 50000 ether: the result can never drop below the minimum
        if (bootstrappingRewards >= 100000 ether)
            bootstrappingRewards -= 50000 ether;
    }
}
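To show how the two mitigations differ from the original guard, the following Python model (an added example, not code from the Salty.IO project or from the report) mirrors the three variants of the setter on wei-scale integers and walks every reachable state from a starting value, reporting the first value that leaves the [50,000 ether, 500,000 ether] range. The starting values are constructed for the example: one aligned to the 50,000 ether step and one that is not. With the original guard, the bound is compared before the step is applied, so a value that sits within one step of a bound but is not aligned to it steps past that bound; the require() variant reverts in that case and the shifted-bound variant declines the change, so neither can leave the range.

```python
# Added example (not project code): model of a stepped parameter setter with
# three guard variants, checked against the [MIN, MAX] invariant.
# Amounts are wei-scale integers like the Solidity code (1 ether = 10**18).

ETHER = 10**18
STEP = 50_000 * ETHER
MIN_REWARDS = 50_000 * ETHER
MAX_REWARDS = 500_000 * ETHER


class OutOfRange(Exception):
    """Models a Solidity revert from a failing require()."""


def in_range(value):
    return MIN_REWARDS <= value <= MAX_REWARDS


def change_original(value, increase):
    # Mirrors the page's changeBootstrappingRewards: the bound is checked on
    # the current value, not on the value after the step is applied.
    if increase:
        if value < MAX_REWARDS:
            value += STEP
    else:
        if value > MIN_REWARDS:
            value -= STEP
    return value


def change_with_require(value, increase):
    # First mitigation: apply the step, then revert unless the result is in range.
    new_value = value + STEP if increase else value - STEP
    if not in_range(new_value):
        raise OutOfRange(f"{new_value // ETHER} ether is outside the allowed range")
    return new_value


def change_shifted_bound(value, increase):
    # Second mitigation: bounds shifted by the step size, with <= and >=.
    if increase:
        if value <= MAX_REWARDS - STEP:
            value += STEP
    else:
        if value >= MIN_REWARDS + STEP:
            value -= STEP
    return value


def first_out_of_range(setter, start, depth=20):
    """Breadth-first search over sequences of increase/decrease calls.

    Returns the first value reached that violates the invariant, or None if
    no sequence of up to `depth` calls can leave the range.
    """
    seen = {start}
    frontier = [start]
    for _ in range(depth):
        next_frontier = []
        for value in frontier:
            for increase in (True, False):
                try:
                    new_value = setter(value, increase)
                except OutOfRange:
                    continue  # reverted call leaves state unchanged
                if not in_range(new_value):
                    return new_value
                if new_value not in seen:
                    seen.add(new_value)
                    next_frontier.append(new_value)
        frontier = next_frontier
    return None


if __name__ == "__main__":
    # Constructed starting values: one aligned to the step, one not.
    aligned_start = 250_000 * ETHER
    unaligned_start = 475_000 * ETHER
    for name, setter in (("original", change_original),
                         ("require", change_with_require),
                         ("shifted bound", change_shifted_bound)):
        for start in (aligned_start, unaligned_start):
            bad = first_out_of_range(setter, start)
            print(f"{name:14s} from {start // ETHER:>7} ether: "
                  f"{'ok' if bad is None else str(bad // ETHER) + ' ether reachable'}")
```

The search is exhaustive for a single parameter because the state space is one integer moved in fixed steps; the same harness can be pointed at any of the other setters in DAOConfig.sol or PriceAggregator.sol by substituting their step and bounds.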
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/dao/DAOConfig.sol#L64-L198
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/price_feed/PriceAggregator.sol#L65-L96
Vulnerability details
Impact
Detailed description of the impact of this finding.
Proof of Concept
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/dao/DAOConfig.sol#L64-L198
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/price_feed/PriceAggregator.sol#L65-L96
Assessed type
Math